]> git.saurik.com Git - apple/security.git/blob - libsecurity_codesigning/lib/reqinterp.h
Security-55179.11.tar.gz
[apple/security.git] / libsecurity_codesigning / lib / reqinterp.h
1 /*
2 * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // reqinterp - Requirement language (exprOp) interpreter
26 //
27 #ifndef _H_REQINTERP
28 #define _H_REQINTERP
29
30 #include <security_codesigning/reqreader.h>
31 #include <Security/SecTrustSettings.h>
32 #include <security_cdsa_utilities/cssmdata.h> // CssmOid
33
34 namespace Security {
35 namespace CodeSigning {
36
37
38 //
39 // An interpreter for exprForm-type requirements.
40 // This is a simple Polish Notation stack evaluator.
41 //
42 class Requirement::Interpreter : public Requirement::Reader {
43 public:
44 Interpreter(const Requirement *req, const Context *ctx) : Reader(req), mContext(ctx) { }
45
46 bool evaluate();
47
48 protected:
49 class Match {
50 public:
51 Match(Interpreter &interp); // reads match postfix from interp
52 Match(CFStringRef value, MatchOperation op) : mValue(value), mOp(op) { } // explicit
53 Match() : mValue(NULL), mOp(matchExists) { } // explict test for presence
54 bool operator () (CFTypeRef candidate) const; // match to candidate
55
56 protected:
57 bool inequality(CFTypeRef candidate, CFStringCompareFlags flags, CFComparisonResult outcome, bool negate) const;
58
59 private:
60 CFCopyRef<CFStringRef> mValue; // match value
61 MatchOperation mOp; // type of match
62 };
63
64 protected:
65 bool infoKeyValue(const std::string &key, const Match &match);
66 bool entitlementValue(const std::string &key, const Match &match);
67 bool certFieldValue(const string &key, const Match &match, SecCertificateRef cert);
68 bool certFieldGeneric(const string &key, const Match &match, SecCertificateRef cert);
69 bool certFieldGeneric(const CssmOid &oid, const Match &match, SecCertificateRef cert);
70 bool certFieldPolicy(const string &key, const Match &match, SecCertificateRef cert);
71 bool certFieldPolicy(const CssmOid &oid, const Match &match, SecCertificateRef cert);
72 bool verifyAnchor(SecCertificateRef cert, const unsigned char *digest);
73 bool appleSigned();
74 bool appleAnchored();
75 bool trustedCerts();
76 bool trustedCert(int slot);
77
78 static SecTrustSettingsResult trustSetting(SecCertificateRef cert, bool isAnchor);
79
80 private:
81 const Context * const mContext;
82 };
83
84
85 } // CodeSigning
86 } // Security
87
88 #endif //_H_REQINTERP